Comments on Dragon Sector: Update: Dragon Sector wins the PHDays CTF Finals 2014!
Blog author: Gynvael Coldwind

muodov (2014-06-11T10:52:38.188+02:00):
Well done, guys! We're glad you liked the event!
BTW, we've just published the story videos: http://www.youtube.com/user/PositiveTechnologies/videos

rnystery (2014-06-11T07:44:44.995+02:00):
Good job!
There was no length extension attack in mobol ;) and pickle RCE was possible only with file write from another service.
The actual bug was that passwords were stored in a bloom filter, and there was kind of a race condition in registering users, so you could register far more than 7 users in a room (this made exploiting the password bug very easy).